Senator: Car hacks that control steering or steal driver data way too easy

Most known hacks could be prevented with simple measures, researcher says.

Recently manufactured cars expose drivers to hacking attacks that could cause collisions and steal sensitive personal information, according to a report released Monday by a US Senator.

The majority of model-year 2014 cars offer network-connected features that provide driving directions, messaging, hands-free phone calls, safety monitoring, and entertainment. But a lack of security defenses makes it possible for those features to be remotely hijacked, potentially giving attackers the ability to control critical functions such as steering and braking, the 12-page report warned. Monday's report was issued by the office of US Senator Edward Markey, a member of the Senate Commerce Committee, which has jurisdiction over the auto industry. The report is the result of correspondence with 20 automobile manufacturers that received questions from Markey about the security mechanisms they employ to prevent hacking attacks.

"These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information," the report warned.

Further Reading

The report comes 19 months after whitehat hackers Charlie Miller and Chris Valasek demonstrated attacks on two 2010 car models—a Toyota Prius and a Ford Escape—that allowed them to control the speed and braking with a connected laptop computer. The hackers piggybacked off of previous research that showed how CD players, Bluetooth units, and other on-board electronics were susceptible to hacks that allowed attackers to replace the normal firmware with malicious code. Once running, the malware is able to send malicious commands to virtually any other component connected to the vehicle's controller area network (CAN). Combined, the two demonstrations suggested it was well within the ability of a competent hacker to take control of a car's CAN using a maliciously modified CD or Bluetooth-connected smartphone.

Intrusion detection for you CAN

Markey's report noted that despite the passage of two model years, most manufacturers have done little to harden vehicles against such attacks. Only two of the manufacturers contacted were able to describe any capabilities to diagnose or prevent a hack in real time, and most said they relied on technologies that couldn't use such measures at all. Such intrusion detection and prevention is standard in most networks operated by large companies and government agencies but so far is largely missing from CANs.

"Chris and I showed a year or two ago how a very simple system can prevent every attack anyone has ever come up with," Miller wrote in an e-mail to Ars. "I'd love to see manufacturers begin to adopt this type of technology or for the government to require it."

Markey's report called on government regulators to draft standards ensuring that cars with wireless access points and data-collection features are protected against hacking events and security breaches. It also called for mandates requiring security systems to be subjected to penetration testing, in which whitehat hackers actively work to bypass the systems, and called for drivers to be permitted to opt out of data collection and to transfer driver information to off-board storage.

"The alarmingly inconsistent and incomplete state of industry security and privacy practices, along with the voluntary principles put forward by industry, raises a need for the National Highway Traffic Safety Administration (NHTSA), in consultation with the Federal Trade Commission (FTC) on privacy issues, to promulgate new standards that will protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles," it stated.

whoever thought it was a good ideas to hook engine management and vehicle control functions up to the same physical CAN network as the entertainment system, GPS, etc. needs to be shot.

yes, the CAN bus is cool and multi-purpose. but shit like GPS with network connectivity on it, on the same network? nightmare waiting to happen...

edit:and as to the car "needing" to get input from those systems. no it doesn't. My first car, an old 1979 corolla did just fine without any of that shit thanks.

Unless you lived in Japan and bought the one engine (out of something like eight) that was fuel injected, then your first Corolla also didn't need fuel injection, seatbelt pre-tensioners, a CD player, and a ton of other stuff that's on cars now. Welcome to the world of progress.

My E39 5 series BMW is injected, has variable valve timing, etc. and doesn't need internet hooked up to its CAN bus either.

You think the only possible vulnerability is if there's wireless internet?

No, but it is the most serious.

if someone gets physically into my car to sabotage it, i'm fucked., If they have physical access they can do simple things like messing with brakes, inserting a car bomb or whatever.

But potentially exploiting the vehicle via compromise of services running over the air? Scary shit.

Remote telematics systems and Bluetooth already make this a possibility without needing IP connectivity. This is a weird discussion thread, as many people are discussing cars as if features introduced five or even ten years ago (in some cases longer) simply don't exist.

It's also weird that on a site where one frequently sees Tesla lauded for over-the-air firmware updates, as soon as the discussion turns to security suddenly there's an outcry against internet connectivity. Hopefully it's different people on either side of that, but I wouldn't be surprised...

How about isolating critical systems from systems that have outside exposure. Why would the breaking system need to be connected to the sound system?

A reasonable goal for today's cars, but what happens when self driving vehicles become mainstream? Best plan for the near future with today's legislation, we certainly don't need to be deliberating this when people are remote controlling self driving cars and staging demolition derbies with occupied vehicles.

Even then, why would the self-driving things need to be connected to 'entertainment' stuff ? Driving is driving and all else is connected passwords and skype and ad-ware and malicious CD and whatever else.

Some components will need to at the very least share data between entertainment devices and car components. High resolution maps are going to be needed by the self driving car to augment active sensors. This map data will also be rendered on an infotainment system (or a hud). Data from V2V sensors will need to be shown to drivers so that they can get information about the cars around them (for example in the event of a pending accident).

That's not to say we can't design an architecture that is secured. A better approach then physically seperate BUSs could be a CQRS system. There could also be secure messages on the BUS so that for example the only 2-3 out of the 100s of components on the car have rights to message the breaks, but all 100 can receive broadcast messages _from_ the brakes.

I'm very suprised with the responses in this thread. Let's not forget that connected cars could quite easily save 15-20 thousand lives a year in the states.